By sending a malicious attachment to a mail server running ClamAV, aremote attacker could cause a Denial of Service or the execution ofarbitrary code. Note that the overflow in the PE header parser is onlyexploitable when the ArchiveMaxFileSize option is disabled.

This GLSA and any updates to it are available for viewing atthe Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-06.xml

Concerns?=========

Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttp://bugs.gentoo.org.